What Happens When 58 Strangers Hack the Pentagon?

From ‘WannaCry’ to the Equifax data breach, cybersecurity breaches have affected millions of Americans. It’s time for us to wake up.

Since 1986, the government has continually passed legislation in an attempt to prevent data breaches of this magnitude from happening. These laws, like the Computer Fraud and Abuse Act (CFFA) that prohibits unauthorized access to computers and networks, can come with severe consequences, like a twenty-year stay in a Federal Penitentiary.

One would think that this should be enough of a deterrent to keep hackers out of other people’s business. But, to this day, hacking is more alive than ever before. And the rate at which technology is expanding only makes it easier for hackers to break into your computers. The Pentagon might be the only governmental department to harness hacking for their own advantage.

Opening the Floodgates

For the first time since CFFA’s inception, the Department of Defense (DoD) isn’t worried about someone hacking into their networks. Actually, they’re encouraging it. Last year, during a project called “Hack the Pentagon,” The DoD invited hackers from all over the U.S. to try and break through their security. On purpose. The idea was that the hackers could help the DoD quickly identify backdoors into their systems so they could be plugged.

Hackers for Hire

This concept isn’t unheard of. Large private corporations have used bug bounties, essentially an all-call to hackers to try and breach their security protocols, since the mid-1990s. “Hack the Pentagon,” however, is the first bug bounty to have ever been issued on behalf of the Pentagon.

The project was a resounding success, with over 138 vulnerabilities found throughout the wide range of DoD websites by 58 hackers. Soon after the success of this program was publicized, “Hack the Army” and “Hack the Air Force” bug bounties were also issued.

Who would have guessed that the government and hackers could become friends?

If it’s Broke, Fix it

While “Hack the Pentagon” was able to quickly identify a serious number of cybersecurity concerns, it’s only one side of the overall problem. Once the problems were acknowledged, they needed to be fixed. While the government is known to be a slow-moving machine, the DoD surprised all by quickly repairing and plugging all of the entry points noted during the project.

While the DoD certainly saw this project as an opportunity for a needed self-assessment, they’re also “trying to do away with the guy in sunglasses and a hoodie in his basement image,” says Michae Chung of Defense Digital Services. “[We’re] trying to put an actual person behind the whole white-hat hacker persona. It really is a shift in thinking.”

Yes, the government stores sensitive confidential information. We would be remiss to not acknowledge the risks they took on by putting out this all-call. However, you have to wonder, were the risks greater if they hadn’t? There were at least 138 open doors into the Pentagon that have now been sealed thanks to 58 hackers who donned white hats and helped secure our most valuable governmental asset. Maybe not all hackers are cybercriminals after all.